389-ds-base

Clone
Source Code
GIT

#49998 Ticket 49997 RFE: ds-replcheck could validate suffix exists and it's replicated
Closed 3 years ago by spichugi. Opened 5 years ago by gparente.
gparente/389-ds-base dsreplenhancement  into  master

file modified
+32 
@@ -809,6 +809,30 @@ 
 

  

      return report
 

  

+ def validate_suffix(ldapnode, suffix, hostname):
 

+    # Validate suffix exists
 

+    try:
 

+       master_basesuffix = ldapnode.search_s(suffix, ldap.SCOPE_BASE )
 

+    except ldap.NO_SUCH_OBJECT:
 

+       print("Error: Failed to validate suffix in {}. {} does not exist.".format(hostname, suffix))
 

+       return False
 

+    except ldap.LDAPError as e:
 

+       print("Error: failed to validate suffix in {} ({}). ".format(hostname, str(e)))
 

+       return False
 

+ 

+    # Check suffix is replicated
 

+    try:
 

+       replica_filter = "(&(objectclass=nsds5replica)(nsDS5ReplicaRoot=%s))" % suffix

I'd prefer this to use a dirsrv/lib389 type rather than raw search, but a bit late now I think .... 

+       master_replica = ldapnode.search_s("cn=config",ldap.SCOPE_SUBTREE,replica_filter)
 

+       if (len(master_replica) != 1):
 

+         print("Error: Failed to validate suffix in {}. {} is not replicated.".format(hostname, suffix))
 

+         return False
 

+    except ldap.LDAPError as e:
 

+       print("Error: failed to validate suffix in {} ({}). ".format(hostname, str(e)))
 

+       return False
 

+ 

+    return True
 

+ 

  

  def connect_to_replicas(opts):
 

      ''' Start the paged results searches
 
@@ -881,6 +905,14 @@ 
 

                "Please check your credentials and LDAP urls are correct.".format(str(e)))
 

          exit(1)
 

  

+     # Validate suffix
 

+     print ("Validating suffix ...")
 

+     if not validate_suffix(master, opts['suffix'], opts['mhost']):
 

+       exit(1)
 

+ 

+     if not validate_suffix(replica,opts['suffix'], opts['rhost']):
 

+       exit(1)
 

+ 

      # Get the RUVs
 

      print ("Gathering Master's RUV...")
 

      try:

Bug Description:

seen at customer site, as first request to ldap database is the RUV, if the suffix provided in the command line does not exist or it's not replicated, we have an error message that it's regarding the RUV:

ds-replcheck -D "cn=directory manager" -w secret12 -b "o=ipaca" -r ldap://ipamaster.germanparente.local:389 -m ldap://ipareplica.germanparente.local
Performing online report...
Connecting to servers...
Gathering Master's RUV...
Error: Failed to get Master RUV entry: {'desc': 'No such object'}

Fix Description:

add function to validate suffix exists and it's replicated

https://pagure.io/389-ds-base/issue/49997

Author: German Parente gparente@redhat.com

Review by: ???

Looks good @gparente ack

Thanks a lot Mark.

Pull-Request has been merged by gparente
5 years ago

I'd prefer this to use a dirsrv/lib389 type rather than raw search, but a bit late now I think ....

I'd prefer this to use a dirsrv/lib389 type rather than raw search, but a bit late now I think ....

We should get a new ticket opened to convert it at some point. The entire script already uses the raw types everywhere.

The advantage is that the ticket runs "standalone". We have even given this script to customers having a former version where the script had not been delivered and it worked fine.

But why not to use lib389 if we have some better abstraction of the search operation.

I could do this if needed.

The advantage is that the ticket runs "standalone". We have even given this script to customers having a former version where the script had not been delivered and it worked fine.
But why not to use lib389 if we have some better abstraction of the search operation.
I could do this if needed.

Lets open a new ticket/PR to address this...

Yeah, let's do that. :)

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This pull request has been cloned to Github as issue and is available here:
- https://github.com/389ds/389-ds-base/issues/3057

If you want to continue to work on the PR, please navigate to the github issue,
download the patch from the attachments and file a new pull request.

Thank you for understanding. We apologize for all inconvenience.

Pull-Request has been closed by spichugi
3 years ago
Metadata
None
No Tags
Changes Summary 1
+32 -0
file changed
ldap/admin/src/scripts/ds-replcheck
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.